pip — CVE history (PyPI)
Nine CVEs affect the pip PyPI package; the highest CVSS score among them is 5.5. Latest disclosed: 2026-06-01. Full CVE history sourced from NVD; a "—" in the Severity or CVSS column means NVD lists no score for that entry.
Summary
- Package: pip (PyPI)
- Total CVEs: 9
- Actively exploited (CISA KEV): 0
- Highest CVSS: 5.5
- Latest disclosed: 2026-06-01
Recent CVEs (top 9)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-8643 | Medium | 5.5 | — | 2026-06-01 | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory. |
| CVE-2026-6357 | — | — | — | 2026-04-27 | pip prior to version 26.1 would run self-update check functionality after installing wheel files, which required importing well-known Python module names. |
| CVE-2026-3219 | — | — | — | 2026-04-20 | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. |
| CVE-2026-1703 | — | — | — | 2026-02-02 | When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. |
| CVE-2025-8869 | — | — | — | 2025-09-24 | When extracting a tar archive pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. |
| CVE-2023-5752 | Medium | 5.5 | — | 2023-10-24 | When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). |
| CVE-2014-8991 | — | — | — | 2014-11-24 | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. |
| CVE-2013-1888 | — | — | — | 2013-08-17 | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. |
| CVE-2013-1629 | — | — | — | 2013-08-06 | pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install"… |
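Four of the five most recent entries (CVE-2026-8643, CVE-2026-3219, CVE-2026-1703, CVE-2025-8869) are the same family of problem: an archive member or an entry-point name is trusted as a path, or an ambiguous file is parsed by the wrong reader. The block below is an added example, not pip's own code, showing the pre-extraction checks an installer or a CI gate that vets wheels and sdists can run against each of those classes: containment of zip member paths, containment of tar symlink and hard-link targets (using the PEP 706 `data` filter where the running `tarfile` has it, and an explicit check where it does not), a tar/zip polyglot detector, and a bare-file-name check on `console_scripts`/`gui_scripts` names. `INSTALL_DIR`, the sample archives and the `entry_points.txt` text are constructed here and are not real packages.

```python
"""Added example (not pip's own code): pre-extraction checks for the archive and
entry-point issue classes in the CVE table. Samples are built in memory below."""
import io
import os
import posixpath
import tarfile
import tempfile
import zipfile

INSTALL_DIR = "/srv/venv/lib/python3.12/site-packages"  # assumed target; need not exist

def _escapes(dest: str, member: str) -> bool:
    """True if dest/member resolves outside dest (absolute path or '..' walk)."""
    dest_abs = os.path.realpath(dest)
    return os.path.commonpath([dest_abs, os.path.realpath(os.path.join(dest_abs, member))]) != dest_abs

def unsafe_wheel_members(wheel_bytes: bytes, dest: str) -> list[str]:
    """Wheel (zip) members that would land outside dest (CVE-2026-1703 class)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return [name for name in zf.namelist() if _escapes(dest, name)]

def unsafe_tar_links(tar_bytes: bytes, dest: str) -> list[str]:
    """Tar members whose path or link target leaves dest (CVE-2025-8869 class)."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in tf.getmembers():
            targets = [m.name]
            if m.issym():    # symlink targets are relative to the link's directory
                targets.append(posixpath.join(posixpath.dirname(m.name), m.linkname))
            elif m.islnk():  # hard-link targets are relative to the archive root
                targets.append(m.linkname)
            if any(_escapes(dest, t) for t in targets):
                bad.append(m.name)
    return bad

def extract_tar_safely(tar_bytes: bytes, dest: str) -> None:
    """Prefer the PEP 706 'data' filter; otherwise run the explicit check first."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        if hasattr(tarfile, "data_filter"):     # 3.12+ and the 3.8-3.11 security backports
            tf.extractall(dest, filter="data")  # raises tarfile.FilterError on escape
        else:
            bad = unsafe_tar_links(tar_bytes, dest)
            if bad:
                raise ValueError(f"refusing to extract: {bad}")
            tf.extractall(dest)

def extraction_rejected(tar_bytes: bytes) -> bool:
    with tempfile.TemporaryDirectory() as d:  # throwaway destination
        try:
            extract_tar_safely(tar_bytes, d)
        except (ValueError, tarfile.TarError):  # FilterError is a TarError
            return True
    return False

def ambiguous_archive(data: bytes) -> bool:
    """True if data parses as both tar (read from the front) and zip (read from the back): CVE-2026-3219 class."""
    return tarfile.is_tarfile(io.BytesIO(data)) and zipfile.is_zipfile(io.BytesIO(data))

def invalid_entry_point_names(entry_points_txt: str) -> list[str]:
    """console_scripts/gui_scripts names that are paths, not bare file names (CVE-2026-8643 class)."""
    bad, section = [], None
    for raw in entry_points_txt.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section in ("console_scripts", "gui_scripts") and "=" in line and not line.startswith("#"):
            name = line.split("=", 1)[0].strip()
            if name in ("", ".", "..") or "/" in name or "\\" in name or name != os.path.basename(name):
                bad.append(name)
    return bad

# Constructed sample inputs; none of these are real packages.
def _zip(entries: dict[str, str]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)  # writestr does not sanitize names, unlike ZipFile.write
    return buf.getvalue()

def _tar(files: dict[str, str], symlinks: dict[str, str], mode: str = "w:gz") -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tf:
        for name, text in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tf.addfile(info, io.BytesIO(text.encode()))
        for name, target in symlinks.items():
            link = tarfile.TarInfo(name)
            link.type, link.linkname = tarfile.SYMTYPE, target
            tf.addfile(link)
    return buf.getvalue()

GOOD_WHEEL = _zip({"demo/__init__.py": "", "demo-1.0.dist-info/METADATA": "Name: demo\n"})
BAD_WHEEL = _zip({"demo/__init__.py": "", "../../../../outside.py": "#", "/abs/outside.py": "#"})
GOOD_TAR = _tar({"pkg/setup.py": "#"}, {"pkg/alias": "setup.py"})
BAD_TAR = _tar({"pkg/setup.py": "#"}, {"pkg/escape": "../../../../outside", "pkg/abs": "/abs/outside"})
POLYGLOT = _tar({"x.txt": "tar part"}, {}, mode="w") + GOOD_WHEEL  # tar in front, zip appended
ENTRY_POINTS = "[console_scripts]\ndemo = demo.cli:main\n../../../bin/evil = demo.cli:main\n[gui_scripts]\n..\\evil = demo.gui:main\n"
```

Importing the module builds the samples; `unsafe_wheel_members(BAD_WHEEL, INSTALL_DIR)` returns the two escaping names, `unsafe_tar_links(BAD_TAR, INSTALL_DIR)` the two escaping symlinks, and `ambiguous_archive(POLYGLOT)` is True because `tarfile` validates the first header at the front of the file while `zipfile` locates the end-of-central-directory record at the back, so a concatenation satisfies both. The `data` filter is the right fix on an interpreter that ships it; the manual containment check is for interpreters without PEP 706, which is exactly the condition CVE-2025-8869 describes. Both checks are pre-install gates on untrusted archives, not a substitute for pinning to a patched pip.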
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-8643 | Medium | 5.5 | — | 2026-06-01 | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory. |
| CVE-2023-5752 | Medium | 5.5 | — | 2023-10-24 | When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). |